aspnetcore/breaking-changes/5/authorization-resource-in-endpoint-routing.md
When using endpoint routing in ASP.NET Core 3.1, the resource used for authorization is the endpoint. This approach was insufficient for gaining access to the route data (xref:Microsoft.AspNetCore.Routing.RouteData). Previously in MVC, an xref:Microsoft.AspNetCore.Http.HttpContext resource was passed in, which allows access to both the endpoint (xref:Microsoft.AspNetCore.Http.Endpoint) and the route data. This change ensures that the resource passed to authorization is always the HttpContext.
ASP.NET Core 5.0
When using endpoint routing and the authorization middleware (xref:Microsoft.AspNetCore.Authorization.AuthorizationMiddleware) or [Authorize] attributes, the resource passed to authorization is the matching endpoint.
Endpoint routing passes the HttpContext to authorization.
You can get to the endpoint from the HttpContext. However, there was no way to get from the endpoint to things like the route data. There was a loss in functionality from non-endpoint routing.
If your app uses the endpoint resource, call xref:Microsoft.AspNetCore.Http.EndpointHttpContextExtensions.GetEndpoint%2A on the HttpContext to continue accessing the endpoint.
You can revert to the old behavior with xref:System.AppContext.SetSwitch%2A. For example:
AppContext.SetSwitch(
"Microsoft.AspNetCore.Authorization.SuppressUseHttpContextAsAuthorizationResource",
isEnabled: true);
None
<!-- ### Category ASP.NET Core ### Affected APIs Not detectable via API analysis -->